Skip to main content
Use code “RELIEF12” for a limited-time relief pricing of 12% off your purchase at checkout.
Click here for my Dutch 🇳🇱 website.

What Can Be Said Regarding Fake SMS and Online Banking?

Scammers are increasingly trying to deceive their victims with fake SMS messages that are supposedly from a bank. Scammers can even send SMS messages with the real name of a bank as the sender. These fake messages appear on the recipient’s phone among the real messages from that bank.

Fake messages with a threatening warning

These fake messages appear on the recipient’s phone among the real messages from that bank. In the fake SMS messages, the scammers try to get the recipient to click on a hyperlink, usually with a threatening warning. The hyperlink then refers to a fake website that looks exactly like the real website of a bank and where the victim is asked to log in with his confidential security codes for online banking. With these security codes, the scammers can then log in to the bank as if they are the rightful account holder. Sometimes the fake SMS asks the victim to return the security codes of his or her bank via SMS or email. Then there is no hyperlink in the SMS. Send the fake SMS to the real bank that is supposedly the sender. With this, that bank can try to disable the scammers.

What does the bank do?

Unfortunately, a bank cannot prevent a scammer from sending fake SMS messages. Only telecom companies can prevent this. However, DutchBank never sends SMS messages with a hyperlink that the recipient must click on to log in, and they will also never ask their customers to return security codes.

When you forward a fake SMS, with or without a hyperlink, to the real bank that is being mimicked by the scammers, that bank will try to block the fake website or the mobile number of the scammers. At some banks, you can forward the fake SMS to a phone number. If not, copy the full text of the SMS to an email and send it to the mimicked bank. If you don’t know how to copy the text of an SMS, you can perhaps make a screenshot of the SMS and forward it. Always make sure that the hyperlink in the SMS is fully forwarded.

What can you do yourself?

  • Never click on a hyperlink in an unexpected SMS. A real bank never sends an unexpected SMS with a hyperlink to log in.
  • Never send your bank’s security codes, not via SMS, not via email, and not via any other messaging service.
  • A real bank never asks its customers to send those security codes or to give them over the phone.
  • Send the fake SMS to the real bank that is supposedly the sender.
  • Make sure you send the full hyperlink in the SMS to the bank. With this, that bank can try to disable the scammers.
  • Remove the SMS from your phone.
  • Set your phone so that SMS messages from unknown senders are automatically set aside. Some phones can block all hyperlinks in SMS from unknown senders.
  • Still a victim? Call your bank immediately!

Hyperlinks and a number as sender

Hyperlinks in SMS

While this information is accurate for The Dutch Bank, it’s important to say that many banks, regardless of location, are generally cautious about sending hyperlinks via SMS due to security risks.

There is a widespread fraudulent practice called “smishing” (SMS-phishing) where scammers send messages pretending to be trustworthy entities, including banks, and ask customers to click on a link that leads them to a fake website. On this website, the customer is often asked to fill in personal and financial details, which the scammers then steal.

Because of this risk, and to help customers distinguish real communication from fraudulent, many banks have chosen not to include hyperlinks in their SMS messages. This is not an absolute rule, and some banks may choose to send links under certain circumstances, but it is a generally followed best practice.

For specific information about each bank, you should check their communication policy directly or contact them.

A number as sender

Should there be a mobile number (06 number in the Netherlands) as the sender on the SMS, know that the bank will never use a mobile number as the sender. There will never be a number, but a text indicating who the sender is.

While this information specifically pertains to The Dutch Bank, it’s generally accurate to say that many banks, irrespective of their geographical location, typically use a sender’s text instead of a number as the sender’s identifier.

For specific information about each bank, you should check their communication policy directly or contact them.

Reference Notes:

You may already be aware of my collaboration with the Dutch government and their endorsement of my Information Security PubQuiz. If not, you can read about it here. Regrettably, the government education site that underpins part of my PubQuizzes is not available in English. Therefore, I’ve translated the articles from “veiliginternetten.nl” and “alertonline.nl” and you can read them on my site. The original source for this article, in Dutch, can be found here.